Cyber Security Awareness and Vulnerabilities Blog

  • Home
  • Cyber Security Awareness and Vulnerabilities Blog

19

Apr

Five Reasons You Need Identity Governance & Administration

Demands on organizations continue to intensify – the precarious balance of requests for more access with the need to be more secure is difficult to maintain. Additionally, all of this is to be achieved faster, with fewer resources. It is more important than…

Read More

04

Apr

Six Stages of Penetration Testing

Through penetration testing, you can proactively identify the most exploitable security weaknesses before someone else does. However, there’s a lot more to it than the actual act of infiltration. Pen testing is a thorough, well thought out project that consists of several phases.…

Read More

04

Apr

Teaching Old Malware New Tricks: How the Latest Mirai Variant Targets New Devices

Learn how Mirai works, what its newest features are, and how you can protect your organization from this destructive malware strain. 

Read More

31

Mar

How to Secure the Internet of Things

The Internet of Things (IoT) stands to have a tremendous impact on business – and life – as we know it. Gartner estimates that by 2020 the IoT will grow to 26 billion units installed, and IoT product and service suppliers will generate…

Read More

31

Mar

What Are Advanced Persistent Threats (APTs)?

Advanced Persistent Threats (APTs) are a cybercrime category directed at business and political targets. APTs require a high degree of stealth over a prolonged duration of operation in order to be successful. The attack objectives typically extend beyond immediate financial gain, and compromised…

Read More

07

Mar

WebExec Revolutions: The strange case of the Update Service…that doesn't update

In a previous blog post, I described how I bypassed the patch for the first fix for CVE-2018-15422. That bypass was also discovered by other researchers as well. You can check that out in Cisco’s updated advisory. Now, WebExec was the name given to…

Read More

04

Mar

Penetration Testing: Breaking in to Keep Others Out

What is Penetration Testing? Penetration testing is a direct test of an application, a device, a website, an organization, and even the people that work at an organization. It first involves attempting to identify and then attempting to exploit different security weaknesses that can…

Read More

27

Nov

Bypassing CVE-2018-15442: Another Case of DLL Hijacking

As an exploit writer, one of my tasks consists of gathering common vulnerabilities and exposures (CVE) and all of the information related to them in order to design an exploit for Core Impact. As part of this process I stumbled across CVE-2018-15422: A…

Read More

12

Jul

What are the 3 Most Common Access Risks?

These days it seems like there are security solutions for almost everything except, the one thing you can never fully secure - humans. But, while you can’t control everything they open or click on, you can control their access to your sensitive data.…

Read More

28

Jun

How to Solve the Top 3 Struggles of Identity Governance and Administration

Identity Governance and Administration is a complex and growing, set of solutions that are put in place to help your organization stay compliant with government or industry regulations and, perhaps more importantly, help secure your organization. However, with every new solution, there are…

Read More